On Thu, Apr 17, 2014 at 09:05:42AM +0300, Marko Myllynen wrote:
> Hi,
>
> On 2014-04-10 17:20, Jakub Hrozek wrote:
> >
> > our current HOWTO[1] on connecting SSSD to an AD DC is outdated,
> > mostly because the page still only introduces the LDAP provider. Recently,
> > me, Sumit and Jeremy Agee wrote a new page that specifically advises to use
> > the AD provider and also use realmd for setup:
> > https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
> >
> > We started a new page and kept the old one around mostly because pre-1.9
> > versions still need the LDAP provider info.
> >
> > I'd like to get some review and feedback from our community so we can
> > link the wiki page from the front page or the documentation section. In
> > addition to the lists, I also CC-ed the individual contributors to the
> > original page directly..I hope that's fine.
>
> I've been pretty detached from all this during the past year but perhaps
> that's only a good thing for the review..
>
> In general all looks very nice and it was certainly a good move to write
> a new document. I have few nitpick comments, please see below and
> address/ignore them as you see appropriate (and please pardon me if any
> of these are copypastes from something I wrote for the old document :).

That's exactly why I CC-ed you and the other authors of the original
document -- you may remember strange quirks of the real environments :)

> - I'd add LDP/ldapsearch examples to the GC section

Good idea, this might be helpful for the admin to compare the attribute
set between GC and LDAP.

> - for completeness sake I'd add dns_lookup_kdc = true and master_kdc =
> server.ad.example.com to the krb5.conf example

I've added dns_lookup_kdc, but I'm not sure about master_kdc, why do you
think it's needed? I normally prefer to stick to the defaults and let
the autodiscovery do its magic.

> - I'd add KRB5_TRACE=/dev/stdout kinit -V example somewhere, perhaps
> after the krb5.conf example

I agree, added.

> - I would at least comment out password server in smb.conf

Right, after re-reading the section in man smb.conf, I agree password
server should not be used.

> - a bit of grouping in smb.conf might make it more readable, e.g.
> security/realm/workgroup could be the first block, then logging options
> (location+level), then server options, then client options

Done.

I've changed the wiki page accordingly. Thanks a lot for the
suggestions!